General
Target
4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.zip
Size
29KB
Sample
210511-3s5fdevtv6
MD5
786a6eddf1e391d77228c29867b40d23
SHA1
865be43b9d4d731f7af7b6fde24b75eaef951851
SHA256
5b565b5878ea50f5dd31992dd6f3a8363031a44b00e574f18ff70cc982cb2966
SHA512
2a47b6ca61a977d553a4e3d99ce5c3109f5b09602204145644ba7a41bde5a1163ce23be159c2c1850c9040b5a79d80f8cbcc2f9e6f98ce56d1e854433063eaf1
Static task
static1
Behavioral task
behavioral1
Sample
4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.exe
Resource
win10v20210410
Malware Config
Extracted
C:\\README.f2cbf9aa.TXT
darkside
http://darksidfqzcuhtk2.onion/OBB5DDMR8RB9DI2RYYF376YGBJAV2J4F2NXFEWPBSXY709MAA0MY7PMBBQJ0HVG3
Targets
Target
4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.exe
Size
30KB
MD5
f00aded4c16c0e8c3b5adfc23d19c609
SHA1
86ca4973a98072c32db97c9433c16d405e4154ac
SHA256
4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a
SHA512
a2697c2b008af3c51db771ba130590e40de2b0c7ad6f18b5ba284edffdc7a38623b56bc24939bd3867a55a7d263b236e02d1f0d718a5d3625402f2325cbfbedf
Score 10/10
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Sets desktop wallpaper using registry